Utilizing the Critical Security Controls to Secure Healthcare Technology

  • Wednesday, August 28, 2013 at 1:00 PM EDT (2013-08-28 17:00:00 UTC)
  • James Tarala



The development of the SANS Twenty Security Controls is transforming the way companies measure and monitor the success of their security programs while drastically reducing the cost of security. Fifteen of the twenty controls can be automated, some at no cost to the organization, and the data is readily available to be presented in conference rooms and board rooms. Upon implementing them, hospitals will have the ability to measure compliance, track progress, and know when they've reached certain goals. The controls are free for use and easy to implement.

They were developed and agreed upon by a consortium including NSA, US-CERT, DoD JTF-GNO, the Department of Energy Nuclear Laboratories, Department of State, and DoD Cyber Crime Center, as well as the top commercial forensics experts and pen testers serving the banking and critical infrastructure communities. Since the US State Department implemented these controls, they have demonstrated more than 80% reduction in measured security risk through the rigorous automation and measurement of the Top 20 Controls. (from the SANS website -

And by applying this framework to its HIT platform, Shared Health has proactively advanced its Information Security program to know in near real-time the status of critical metrics that allow for continuous, meaningful monitoring and assessment.

This presentation will feature James Tarala, who will outline the Top Twenty Security Controls, the benefits of implementation, and his experience in the results they generate.

Speaker Bio

James Tarala

James Tarala is a principal consultant with Enclave Security, based in Venice, Florida. He is a regular speaker and senior instructor with the SANS Institute, specializing in the implementation of the Critical Security Controls. He is also a courseware author and editor for many SANS auditing and security courses. As a consultant, he has spent the past few years designing large enterprise IT security and infrastructure architectures, specifically working with many Microsoft-based directory services, email, terminal services, and wireless technologies. He has also spent a large amount of time consulting with organizations to assist them with their security management, operational practices, and regulatory compliance issues, and he often performs independent security audits and assists internal audit groups in developing their internal audit programs.
